Commit Graph

4544 Commits

Author SHA1 Message Date
catatonicprime b376dac34b okay linter 2023-05-30 18:40:59 +00:00
catatonicprime cbf850b2b7 Apparently the comment after the rescue squelches the linter. 2023-05-30 18:38:48 +00:00
Christophe De La Fuente 7bde39ae73 Fixes from code review 2023-05-30 13:26:56 +02:00
Grant Willcox 7ca7c6aee1 Slight efficiency improvements 2023-05-24 17:36:39 -05:00
Grant Willcox e80987ea59 First round of updates from review 2023-05-24 13:17:49 -05:00
Grant Willcox e78cf054b8 Add in EITW notes 2023-05-24 13:17:49 -05:00
Grant Willcox 84961e6e09 Add in documentation 2023-05-24 13:17:49 -05:00
Grant Willcox 9e8d1ed2ea Add in Java class file, raw source code, and tidy up the module a bit 2023-05-24 13:17:48 -05:00
Grant Willcox 155319d479 Save work 2023-05-24 13:17:48 -05:00
Grant Willcox 3faf96aa9d Check return code on target server responses 2023-05-24 13:17:48 -05:00
Grant Willcox 5ded2adfb5 Add in initial code to start supporting JNDI loading of remote classes, currently a bit broken though 2023-05-24 13:17:47 -05:00
Grant Willcox d00d339de5 Initial copy with JNDI connection back to LDAP server. 2023-05-24 13:17:47 -05:00
Spencer McIntyre f464401dde Land #17782, Add fetch payloads
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
bwatters 548a2d7ab4 Add fetch payloads for Windows and Linux x64 2023-05-18 10:47:29 -05:00
catatonicprime a445b07233 removing unnecessary call to payload_uri 2023-05-11 16:35:53 +00:00
catatonicprime d50bd24c2f Adding config cleanup. 2023-05-11 04:57:57 +00:00
catatonicprime cb2c6a7d80 Prevent bypass_auth from being called twice when AutoCheck is true 2023-05-11 00:34:47 +00:00
Grant Willcox 9f0a6503b7 require.js is not the only way, account for this new discovery in code 2023-05-10 13:02:02 -05:00
Grant Willcox 5d4e68d36c Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't 2023-05-10 10:36:29 -05:00
Grant Willcox 1b8f1de7c8 Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters. 2023-05-10 10:16:08 -05:00
catatonicprime c5b0bc68d7 Improved automatic targeting, tested back to major version 14 2023-05-09 23:44:46 +00:00
catatonicprime eff189f221 Ensuring csrf_token is initialized. 2023-05-09 23:43:56 +00:00
catatonicprime 43564b5267 Removing unneeded features/options. 2023-05-09 23:43:30 +00:00
Jack Heysel 79d35ad938 Fixed check method 2023-05-09 14:25:03 -05:00
Jack Heysel eca87ea2eb Updated side effects and fixed fail_withs 2023-05-09 14:25:03 -05:00
Jack Heysel 348750ea70 Updated Authors 2023-05-09 14:25:02 -05:00
Jack Heysel 07056a74bc Pentaho Business Server Auth Bypass and SSTI 2023-05-09 14:24:51 -05:00
catatonicprime c69ca39748 consistent indenting 2023-05-06 05:07:59 +00:00
catatonicprime 0448d408ea Match wording from "How to write a module using HttpServer and HttpClient" on docs.metasploit.com 2023-05-06 04:58:50 +00:00
catatonicprime af3c482acd heh, I probably should have tested that too 2023-05-06 04:55:23 +00:00
catatonicprime e37e506fe2 heh, I probably should have tested this 2023-05-06 04:37:43 +00:00
catatonicprime f27648799b Adding original ZDI reference. Minor formatting changes. 2023-05-05 18:19:53 +00:00
Catatonic Prime 5f12f0e0ba Apply suggestions from code review
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
2023-05-05 11:07:08 -07:00
Christophe De La Fuente 60149259a2 Land #17856, RCE exploit for CVE-2023-26359 (Adobe ColdFusion) and an auxiliary module for arbitrary file read via the same vuln. 2023-04-28 19:27:15 +02:00
Christophe De La Fuente f5b1b96d9a Fix rubocop issues 2023-04-28 16:09:57 +02:00
Christophe De La Fuente 62806caeae Update web_delivery 2023-04-28 16:09:51 +02:00
catatonicprime 97a76e3883 linting changes. removing unnecessary success checks. 2023-04-28 00:07:47 +00:00
catatonicprime 4ba8d62d88 Removing unused documentation 2023-04-28 00:02:37 +00:00
catatonicprime c0be991ed8 removing superfluous options 2023-04-28 00:00:57 +00:00
catatonicprime 12f7134cc6 generating payloads on the fly is what we wanted originally 2023-04-27 19:38:12 +00:00
space-r7 63115c9415 Land #17857, add T3S support for weblogic modules 2023-04-27 11:37:37 -05:00
catatonicprime 16ae6b71f4 Use the generated payload as is. 2023-04-27 15:21:21 +00:00
catatonicprime feec15a482 full_uri has what we need for the origin header 2023-04-27 15:07:15 +00:00
catatonicprime 0be38eb3ab method should do one thing and do it well 2023-04-26 19:32:57 +00:00
catatonicprime 5e93669d75 Enable AutoCheck 2023-04-26 19:28:56 +00:00
catatonicprime 9f6fe964e2 bypass_auth returns the anti-csrf token and vprints active session on success 2023-04-26 18:28:02 +00:00
catatonicprime 8694beebd1 Removing unnecessary search. 2023-04-26 18:17:46 +00:00
catatonicprime 0cf5f4cacc More accurate list of side effects. 2023-04-26 16:55:13 +00:00
catatonicprime bcafd22997 Better defaults pattern for TARGETURI. 2023-04-26 16:54:19 +00:00
catatonicprime 8c87660eaa Explicit stance. 2023-04-26 16:53:04 +00:00